Firewalls Don't Stop Dragons Podcast

Having data privacy laws are great. But if those laws can’t be practically enforced or your rights easily asserted, they’re not very useful. Modern cars are chock full of sensors, many of which are used to monitor the passengers and collect personal data. But cars are subject to privacy laws, too. Opting out of data collection or requesting data deletion should be straightforward. Andrea Amico and Merry Marwig from Privacy4Cars just completed a massive study on this, and the vast majority of auto brands had horrible user experiences for data management. They will share their findings with us on today’s show. Interview Notes Privacy4Cars: https://privacy4cars.com/  California UX whitepaper: https://privacy4cars.com/ux-california/  Vehicle Privacy Report tool: https://vehicleprivacyreport.com/  Company auto info: https://Privacy4Cars.com/CISO  GDPR auto info: https://Privacy4Cars.com/GDPR  Opt Out Code: https://optoutcode.com/ IoT on Wheels talk: https://instituteofprivacydesign.org/2025/08/11/cars-iot-endpoints-on-wheels-privacy-engineering-technology-education-discussion-peted-recording/  Data Diva car data graphic (slide 16): https://www.nist.gov/system/files/documents/2024/05/15/V3_2024_May_IoTAB%20%20-%20Monroney%20Sticker%20Presentation_Privacy_subteam_compressed%20508.pdf  IoT Advisory Board Report: https://www.nist.gov/system/files/documents/2024/10/21/The%20IoT%20of%20Things%20Oct%202024%20508%20FINAL_1.pdf  Enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/  Further Info Annual Listener Survey!!! https://fdsd.me/survey2026  New Patron Promotion!! https://fdsd.me/promo126  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:14: Intro 0:01:06: Listener survey reminder 0:01:53: Patron promo reminder 0:02:30: Lingo definitions 0:03:14: What’s changed since our last talk? 0:08:15: What data do cars collect? 0:12:56: How could car data affect my insurance rates? 0:15:51: What was the purpose of your recent study? 0:23:01: How do authorized agents work? 0:28:01: How does Opt Out Code work? 0:33:21: What’s the response been to your report? 0:36:13: How do we make car data more obvious? 0:40:23: Does GDPR apply to cars? 0:45:17: What are some other cases to consider? 0:48:45: What’s the EU Data Act? 0:54:08: How do I limit my auto data sharing? 0:56:44: How remove car data before selling? 0:59:56: What’s next for you? 1:01:43: Wrap-up 1:03:25: Enable Global Privacy Control 1:05:24: Patron podcast preview 1:06:52: Looking ahead

Explore the fascinating world of AI privacy and the challenges posed by chatbots like ChatGPT and Gemini. Discover privacy-friendly alternatives that protect your data while interacting with AI. Dive into discussions on a Texas court blocking an app store age verification law and shocking revelations about Flock's unsecured AI cameras. Learn about a significant data leak at Pornhub and the implications of stalkerware enforcement. Uncover the risks of automated content recognition in smart TVs and practical tools for managing personal data effectively.

Kee Jeffreys, CEO and founder of the privacy-focused Session app, dives into the intriguing world of decentralized messaging. He explains how Session operates without phone numbers and relies on a network of nodes for security. Jeffreys discusses the importance of protecting metadata, the benefits of open source software, and how features like Perfect Forward Secrecy and post-quantum encryption enhance user privacy. He also highlights why privacy matters to everyone, as well as the innovative economic model behind the Session network.

Every week, I record a special, private bonus podcast for my patrons. Normally all of that content is restricted to my supporters. But today I’ve got a sampler platter of some of the best snippets from my bonus Q&A with my interview guests. You’ll hear from Yael Grauer (Consumer Reports), Josh Summers (All Things Secured), Lisa LeVasseur (Internet Safety Labs), Josh Corman (UnDisruptable27), Andy Liddell (EdTech Law Center), Carissa Véliz (author, professor), Eamonn Maguire (Proton), Grace Menna & Adrien Ogee (Cyber Resilience Corps). Enjoy! Original Interview Links Ep416: Yael Grauer: https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/  Ep420: Josh Summers: https://podcast.firewallsdontstopdragons.com/2025/03/17/all-things-secured/  Ep422: Lisa LeVasseur: https://podcast.firewallsdontstopdragons.com/2025/03/31/microscoping-our-apps/  Ep428: Josh Corman: https://podcast.firewallsdontstopdragons.com/2025/05/12/shelter-from-the-storm/  Ep426: Andy Liddell: https://podcast.firewallsdontstopdragons.com/2025/07/07/defending-student-privacy/  Ep438: Deviant Ollaf: https://podcast.firewallsdontstopdragons.com/2025/07/21/passport-lawyer-locksmith/  Ep446: Carissa Véliz: https://podcast.firewallsdontstopdragons.com/2025/09/15/on-the-ethics-of-ai/ Ep453: Eamonn Maguire: https://podcast.firewallsdontstopdragons.com/2025/10/27/privacy-focused-ai/  Ep454: Grace Menna & Adrien Ogee: https://podcast.firewallsdontstopdragons.com/2025/11/10/becoming-cyber-resilient/  Security Planner: https://securityplanner.consumerreports.org/  App Microscope: https://appmicroscope.org/  Take 9: https://pausetake9.org/  Meshtastic: https://meshtastic.org/  Previous dragon coin promo: https://firewallsdontstopdragons.com/dragon-coin-promo/  CISA Bad Practices: https://www.cisa.gov/news-events/news/bad-practices-0 Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:03:55: Ep416: Yael Grauer 0:10:51: Ep420: Josh Summers 0:16:36: Ep422: Lisa LaVasseur 0:22:21: Ep428: Josh Corman 0:30:03: Ep426: Andy Liddell 0:35:49: Ep438: Deviant 0:41:55: Ep446: Carissa Veliz 0:47:12: Ep450: Jake Braun 0:52:55: Ep454: Grace Menna & Adrien Ogee 0:55:44: Wrap-up

I’m digging into the vault for a classic interview – a blast from the past! I’ve done 460 episodes over the last nearly 9 years, and some of the best old episodes still hold up well today. I first interviewed Troy Hunt, creator of Have I Been Pwned, in February of 2019. It was Episode 102 and it was entitled “You Must Stop Reusing Passwords”. In this episode we talk a little about the origins of HIBP, password security, data breaches and brokers, and how to keep our accounts secure. I’ve added some new commentary, but the original episode is preserved in all of its glory! Interview Notes Have I Been Pwned? https://haveibeenpwned.com/  NIST updated password guidelines:  https://pages.nist.gov/800-63-4/sp800-63c.html  Proton summary of NIST changes: https://proton.me/blog/nist-password-guidelines  Password haystacks: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/  Choosing a strong PIN: https://firewallsdontstopdragons.com/how-to-choose-a-pin/  Using passphrases: https://podcast.firewallsdontstopdragons.com/2021/05/24/how-when-to-use-a-passphrase/  On passkeys: https://podcast.firewallsdontstopdragons.com/2023/05/22/problems-with-passkeys/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:32: Interview setup 0:02:52: What is Have I Been Pwned? 0:05:37: What is a data breach? 0:06:42: Where do you get data breach records? 0:08:18: What is the “dark web”? 0:10:35: How do YOU get breach data? 0:11:43: What were some of the worst data breaches? 0:15:09: Who is behind these breaches? 0:17:03: How often are data brokers hacked? 0:19:47: Is it that hard to protect our data? 0:21:22: Is there no liability for not protecting data? 0:24:16: What about breach disclosure laws? 0:26:00: Do class action lawsuits provide accountability? 0:29:00: How can consumers evaluate a company’s data security? 0:32:35: Is data collection inherently bad? 0:34:43: How can we best use HIBP? 0:36:59: Should sites be rejecting known-bad passwords? 0:39:37: Why do some sites limit the use of special characters? 0:41:50: How up-to-date is HIBP data? 0:44:25: What does registering for notifications do? 0:45:39: What is your “opt out” feature? 0:46:25: Can hackers use HIBP for nefarious purposes? 0:48:16: Any other password advice? 0:50:27: Which services integrate with HIBP? 0:52:19: Wrap-up 0:54:52: New password guidelines 1:01:45: Patron podcast preview 1:02:12: Looking ahead

Cory Doctorow, an influential author and technology activist, dives into the socio-economic impacts of AI and the shifting dynamics of labor. He explains the concepts of centaurs and reverse centaurs, highlighting how automation can both enhance and complicate work processes. Doctorow also discusses the precarious nature of algorithm-driven jobs and raises concerns about growing inequality in the job market. His insights offer a thought-provoking look at the future of work in an automated world.

Dive into the vibrant history of Phrack, a pioneering zine that emerged from the early BBS culture. Explore the quirky world of phone phreaking, blue boxes, and the economics of accessing remote networks. Discover the ethos behind hacking as an art form and the significance of the Hacker Manifesto. Delve into the legacy of influential articles like 'Smashing the Stack' and ponder the evolution of hacker culture amid today's AI advancements. This journey captures the spirit of innovation and rebellion in the digital age.

As the holiday season approaches, scammers ramp up their activities. The discussion covers alarming current scams, including the ClickFix malware trick and a clever Apple Support phishing scheme. Learn how to protect yourself from clipboard attacks and the importance of using hardware security keys. The podcast also touches on recent cybersecurity news, like the FCC scrapping essential rules and the end of a flight records program. Plus, there are festive gift suggestions, focusing on privacy-conscious options and tools to safeguard your network.

Join smart-home expert Stacey Higginbotham, cybersecurity manager Yael Grauer, and security consultant Jeff Landale as they dive into holiday tech gifting. They share strategies for choosing gifts that prioritize privacy and ease of setup. Expect tales of tech gift disasters and a candid discussion on invasive AI ads and problematic devices to avoid. The trio also highlights alternative non-tech gifts and offers tips for ensuring a smooth gifting experience. Tune in for insights that will help you navigate the tricky landscape of tech presents!

Dive into the murky waters of online privacy! Learn how data brokers collect your personal information and discover an easy way to remove it. Meta's new policy allows ads based on your AI chats, while Google's shopping tool raises eyebrows about AI handling purchases. Explore OpenTable's controversial guest profiling and the revelation of the first AI-driven espionage campaign. With lawmakers pushing VPN bans and new health privacy regulations on the table, the landscape of your digital safety is evolving fast.